Educause Security Discussion mailing list archives
Re: Google Hacking
From: "Greene, Allen" <Allen.Greene () ROCHESTER EDU>
Date: Fri, 21 Nov 2014 18:21:20 +0000
Thanks everyone for the great tips, really appreciate them!

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office: (585) 275-7335 | Allen.Greene () Rochester edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, Alex
Sent: Wednesday, November 19, 2014 5:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

Great topic. I recommend testing and tuning your Pastebin alert search strings, too general and the results may include extraneous posts and will likely exceed the free account limits which I believe is 10 total alerts, after which the alerts are disabled; clearly an encouragement to upgrade to the PRO version (quite affordable) which removes such limitations.

If you want to deep dive on search based vulnerability discovery and pen testing, check out the awesome SearchDiggity tool: http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/

No discussion of this topic would be complete without recognizing the contributions of Johnny "I hack stuff" Long who wrote the seminal book on the subject and founded the Google Hacking Database (GHDB) now hosted by the Offensive Security team at http://www.exploit-db.com/google-dorks/ .
Best,
alex

Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu
(650) 736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Todd
Sent: Wednesday, November 19, 2014 1:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

We've had Pastebin alerting for a while with great success. One thing to keep in mind is sometimes the pastes are removed so you need to respond quickly to the notifications.

Jason

Jason Todd
Network Security Officer
Western University of Health Sciences

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of David James Anderson <David.Anderson () NAU EDU>
Sent: Wednesday, November 19, 2014 13:30
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

+1 on Pastebin alerts, they've helped us immensely.

--
-David.

David Anderson
Information Security Analyst, Senior
Information Technology Services
Northern Arizona University
(928) 523-1225

On Nov 19, 2014, at 2:20 PM, Greene, Allen <Allen.Greene () ROCHESTER EDU> wrote:

Great tip, wasn't aware that Pastebin had similar alerts. Thanks!
Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office: (585) 275-7335 | Allen.Greene () Rochester edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, November 19, 2014 4:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

One caveat is that as Google has gotten more into advanced and customized search algorithms, the results may no longer be comprehensive. In particular, if you set up a Google alert under a Google account, it runs the search under the tailored context of that account and I (and others) have seen many misses of Google indexed content because the tailoring ignores those items.

If you want to do Google hacking, make sure it uses a context with no Google account or Google cookies. Or, try to keep a clean Google account that is only ever used for the Google alerts (it can be tricky to totally avoid Google's user metadata vacuum).

I highly recommend setting up Pastebin alerts as well if you haven't looked into it. It can give you quick notification of a dump of credentials that includes individuals from your school.

One Google hack to consider is a search like:

Site:school.edu Filetype:xls SSN

(or other words like "social security" "student ID", etc.)
Brad Judy
Director of UIS Security
University Information Systems
University of Colorado
1800 Grant Street, Suite 300
Denver, CO 80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Allen
Sent: Wednesday, November 19, 2014 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Google Hacking

Greetings All,

We're looking at expanding our information disclosure program into Google Hacking. I'm wondering if someone else out there is currently utilizing this method or developed a program around unauthorized information disclosure? I've done a good deal of research on this already, I'm curious how other institutions may have already implemented this and any feedback on their experience.

Thanks & Happy Holidays!

Allen

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office: (585) 275-7335 | Allen.Greene () Rochester edu
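
Added example (not written by anyone in the thread): a small triage step for pastes that a broad keyword alert on your domain has matched, illustrating the tuning and credential-dump points raised above. The function name, threshold and sample pastes are assumptions made for illustration; "school.edu" is the placeholder domain from the search example in the thread.

```python
import re

# Assumption: "school.edu" is the placeholder domain from the search example in the thread.
DOMAIN = "school.edu"

# A whole line of the form <address at DOMAIN or a subdomain><separator><secret>.
CRED_LINE = re.compile(
    r"^\s*([a-z0-9._%+-]+@(?:[a-z0-9-]+\.)*" + re.escape(DOMAIN) + r")"
    r"(?:\s*[:;|,]\s*|\s+)(\S+)\s*$",
    re.IGNORECASE,
)

def triage_paste(text, min_accounts=3):
    """Classify a paste that a broad keyword alert on DOMAIN has matched.

    Returns (verdict, accounts). Secrets are matched but never returned,
    so the result is safe to paste into a ticket.
    """
    accounts = set()
    for line in text.splitlines():
        m = CRED_LINE.match(line)
        if m:
            accounts.add(m.group(1).lower())
    if len(accounts) >= min_accounts:
        verdict = "credential-dump"   # respond quickly: pastes get removed
    elif accounts:
        verdict = "review"
    else:
        verdict = "noise"             # keyword hit only, e.g. a URL or contact line
    return verdict, sorted(accounts)

# Constructed sample pastes (not real data).
DUMP = """constructed sample, not a real leak
alice@school.edu:Winter2014!
bob@mail.school.edu | hunter2
Carol@School.EDU;letmein
dave@notschool.edu:zzz
"""
NOISE = """Campus map: http://www.school.edu/maps
Contact jdoe@school.edu for details
"""

if __name__ == "__main__":
    for name, paste in (("DUMP", DUMP), ("NOISE", NOISE)):
        print(name, triage_paste(paste))
```

Both sample pastes contain the string "school.edu", so a keyword-only alert fires on each; only the first lists accounts with adjacent secrets.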